Hi Aseem,
Can you please tell me some tool so that I can start VA.
Thanks & Regards,
Sandip Ambekar
System Administrator
Direct: 9922913243
Office: 1-781-269-5209, Ext : 270
TalentBeat Inc.
www.talentbeat.com
-----Original Message-----
From: listbounce_at_securityfocus.com [mailto:listbounce_at_securityfocus.com] On
Behalf Of Aseem Kumar
Sent: Thursday, July 10, 2008 11:18 PM
To: pen-test_at_securityfocus.com
Subject: Re: How do VA scans work technically
I am just starting with VA and have got lots of material to go through.
Some of the replies have really been very informative for me.
I was not initially hoping for so many responses. I will be putting up
a little test lab to work out with free tools at home.
Thanks a lot to everyone.
Regards
Aseem
On Thu, Jul 10, 2008 at 4:49 PM, Rivest, Philippe <PRivest_at_transforce.ca> wrote:
> Don't know if you got an answer for this. But yes, you should at all times
> double/triple verify the result of automated scans. You should do this in 2
> separate operations
>
> 1- Identify false positive
> 2- Identify false negative
>
> Those are very important. It is very important to understand that a scanner
> may not get all the vulnerabilities (or take one as negative) and you will then
> say to your client "it's all good!" when in fact it's not. And there's also the
> "ITS SOOOOooo BAD" (false positive) when everything is good.
>
> From my own experience, I remember running Nikto against my client's web
> server and I got more or less 75-150 vulnerabilities & warnings. Years later I
> have yet to identify why, but only a very few were actual flaws & warnings
> when I tested them manually.
>
>
> For your non standard port, this is how you should go about it.
>
> 1- Port scan the machine from 1 - 65536
> 2- All ports that are strange, "telnet ip port" "GET / HTTP/1.0"
> 3- If you get an answer from #2 you just identified a web server
> 4- Run your tools on that port
>
>
> If you disabled all the banners and such, I would go about reading the source
> code of your pages (just a few of them). I would try to identify default
> files that you left on the web server that could help me identify the web
> service. I would (of course) identify if it's a Windows box or Linux to try
> and *limit* the possibilities.
>
> Thanks
> Philippe Rivest, CEH
> Internal Information Security Auditor
> E-mail: Privest_at_transforce.ca
> Telephone: (514) 331-4417
> www.transforce.ca
>
> You could print this email, but it does take a long time to grow trees.
>
>
> -----Original Message-----
> From: listbounce_at_securityfocus.com [mailto:listbounce_at_securityfocus.com] On behalf of Aseem Kumar
> Sent: July 9, 2008 04:52
> To: pen-test_at_securityfocus.com
> Subject: Re: How do VA scans work technically
>
> Hi,
>
> Thanks for all the great replies.
>
> Showing of already remediated vulnerabilities was what I was concerned about.
> So I always have to take the reports from these scans with a pinch of
> salt. They even might miss something.
>
> But what if I am running say a web server on a non-standard port and
> have really disabled all settings that might allow an outsider to get
> a banner or version number of underlying application, then will the
> scanners still be able to do some heuristics and come out with nearly
> correct answers?
>
> Can someone point me to any link that will provide more insight into
> this process.
>
> Regards
> Aseem
>
> On Wed, Jul 9, 2008 at 11:07 AM, Killy <killfactory_at_gmail.com> wrote:
>> Nessus can be configured to perform safe scans. It will still for blank
>> root, as and administrator passwords under that config.
>>
>> So, it depends on your definition of exploit :)
>>
>> Nessus can also be configured to perform brute force attacks using a hydra
>> plugin/module
>>
>> You also perform thorough tests/scans.
>>
>> I have a feeling that you are wanting to know if nessus and qualys operate like
>> metasploit, canvas or other exploit frameworks.
>>
>> I would say no. But nessus is very flexible and you can customize it and
>> create your own plugin to do just about anything.
>>
>> There is plenty of documentation and help online.
>>
>> Sent from my iPod
>>
>> On Jul 8, 2008, at 4:02 PM, "Aseem Kumar" <kumaraseem_at_gmail.com> wrote:
>>
>>> Hey,
>>>
>>> Can someone tell me (any weblink , any ebook, or direct answers) as to
>>> how the VA scans like those of Qualys or Nessus work?
>>>
>>> How do they find the vulnerabilities of a system without ever exploiting
>>> it?
>>>
>>> Regards
>>> Aseem
>>>
>>> ------------------------------------------------------------------------
>>> This list is sponsored by: Cenzic
>>>
>>> Top 5 Common Mistakes in
>>> Securing Web Applications
>>> Get 45 Min Video and PPT Slides
>>>
>>> www.cenzic.com/landing/securityfocus/hackinar
>>> ------------------------------------------------------------------------
>>>
>>
>
>
>
> --
> Love enables you to put your deepest feelings and fears in the palm of
> your partner's hand, knowing they will be handled with care.
Received on Jul 25 2008
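
Steps 2 and 3 of the non-standard-port procedure quoted in the thread, written out as an added example (not code from any poster): it sends the same "GET / HTTP/1.0" probe to a port on a lab host you own and decides from the reply whether a web server answered. The function names, the sample replies and the idea of recording header order as a clue that remains when the Server banner is disabled are assumptions of this example.

```python
import socket

PROBE = b"GET / HTTP/1.0\r\n\r\n"  # the request typed in step 2 of the thread

# Constructed sample replies (not captured from any real host).
SAMPLE_WEB = (b"HTTP/1.1 200 OK\r\nDate: Thu, 10 Jul 2008 12:00:00 GMT\r\n"
              b"Content-Type: text/html\r\nConnection: close\r\n\r\n<html></html>")
SAMPLE_SSH = b"SSH-2.0-ExampleSSH_1.0\r\n"


def probe(host, port, timeout=3.0):
    """Step 2: connect, send the probe, return the first reply bytes (None on failure)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(PROBE)
            return s.recv(4096)
    except OSError:  # refused, filtered or timed out
        return None


def classify(reply):
    """Step 3: is this a web server, and which clues survive a removed banner?"""
    if not reply:
        return {"http": False, "reason": "no reply"}
    head = reply.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    if not lines[0].startswith("HTTP/"):
        return {"http": False, "reason": "non-HTTP reply: " + lines[0][:40]}
    headers = [l.split(":", 1) for l in lines[1:] if ":" in l]
    server = next((v.strip() for k, v in headers if k.lower() == "server"), None)
    return {"http": True, "status": lines[0], "server": server,
            "header_order": [k for k, _ in headers]}


def triage(host, ports):
    """Return the ports on a lab host that answered the probe as HTTP."""
    return [p for p in ports if classify(probe(host, p))["http"]]


if __name__ == "__main__":
    for name, sample in (("web", SAMPLE_WEB), ("ssh", SAMPLE_SSH)):
        print(name, classify(sample))
```

Calling `triage("127.0.0.1", [8080, 8443])` against a test lab returns the subset of those ports that speak HTTP, which is the list to hand to the web scanner in step 4.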